For the purposes of mental exercise, I have written the synopsis for a fictional film about the ongoing conflict between tennis player Novak Djokovic and the Australian government. My goal is to explain a couple of current Cybersecurity issues.
Novak plays the role a hacktivist — that’s a type of hacker who makes political statements to create an awareness of the issues he considers important. Whether you see him as a ‘’white hat’’ (beneficial) or a ‘’black hat’’ (destructive) depends on your personal views. For this scenario, we will take him as a black hat. Novak’s goal is to hack Australian vaccination policies. His personal conviction is that mandatory vax certificates jeopardize civil liberties, such as freedom of movement.
As the world’s No 1 tennis player, Novak is about to join the annual Australia Open. But this year, he doesn’t want medals. Instead, he decides to throw a bait at the Australian government. Novak asks Australia to issue a medical exemption so that he can obtain a visa without vaccination. In the past, he recovered from Covid twice. However, he keeps the physical records out of public view. In this way, the proof of medical exemption becomes virtual: you don’t have to hold it in your hands, to believe it. Novak is relying on the fact that cybersecurity is a new phenomenon. Tech innovation moves at lightspeed, and human law isn’t always keeping up the pace. The public may not be informed that digital certificates are as legal as their physical counterpart.
Novak’s plan seems to work. He is a granted access on the basis of the exemption. But upon arrival in Australia, the government revokes his visa. Apparently, there was a legal problem, where Australia claims Novak received false information about the policies. This causes Novak to launch a defense. He wins, and gets another visa clearance. The government informs him the visa can be revoked again. Australia’s policies provide ministers with discretionary powers to overturn the decision. Although the battle takes place in the courtroom, the real problem is in the cyber realm. By playing games with digital versus physical evidence, Novak exposed vulnerabilities in Australia’s legal system.
The whole process is broadcast live on the Internet. Novak launches a brute force attack on the audiences, streaming his image (and his arguments) relentlessly. As a media superstar, he knows very well how reality TV works. Telling the truth is far less impactful than flooding the virtual space with one’s star persona. Novak knows that even if he doesn’t win the case, he will have breached security. In part, this comes from the nature of the virtual spectacle. The courtroom is now available in your living room. You feel close to the event, yet powerless to change anything. This creates a frustrating, disorienting effect, expanding your confusion about digital certificates. Can I trust the laws if I am not sure that they really exist?
Finally, despite winning the case, Novak is told that his visa will be revoked again. At the time of this writing, he is mounting another battle to reverse the decision. Whatever the outcome, Novak’s hacktivist goal is accomplished. The WHO published a statement on the case, saying that mandatory vaccination should be the last resort in a government’s vaccination policy. This may (or may not) alter the actual policy, but it has challenged the public perception of Covid certificates,
I wonder if you recognize the current cybersecurity issues I am trying to explain. I am also curious if you feel that scenes from such a movie could be used as examples in Awareness training content. Feel free to comment on those aspects.